31 hours 29 minutes
Video Description

VLAN

This unit covers Virtual Local Area Networks (VLANs), which allow us to segment a large network. Broadcasts go only to the same VLAN. VLANs are composed of two major port types:
- Access Ports: allow us to connect devices in one particular VLAN to a switch
- Trunk Ports: allow us to connect different switches to multiple VLANs

VLANs filter with different criteria depending on how they're configured:
- Physical Port
- MAC Addresses
- Subnetting IP Addresses

VLANs are very useful in that they help to segment large networks, cut down on traffic and make networks a bit more secure.

Video Transcription
Next we have VLANs. So what is a VLAN? Well, a VLAN is a virtual local area network; it's described in our 802.1Q specifications.
A VLAN allows us to segment a large network, essentially by taking different computers that are connected to switches and saying, OK, we're going to create virtual local area networks with these computers. All of these computers may be connected to the same physical switches. All of these computers may not be outside of other networks in different routers, but I want to segment these off for whatever reason. I don't want these computers to all talk to these computers, so I'm gonna create virtual local area networks in order to segregate them. And we'll need to have our smart switches that we can access, and we can make changes in their control panels in order to create these VLANs.
Our VLANs again are going to allow us to segment a large network. And if we were to send a broadcast message out from a single computer that's on a VLAN, then that broadcast message is only going to go out to other computers that are on the same VLAN. So again, if we wanted to segment a network and we said, OK, we don't want these computers talking to these computers, especially if they're sending out a broadcast message, we're gonna put these computers in different VLANs. These different VLANs are going to prevent these computers from inadvertently talking to each other.
VLANs are composed of two major port types: we have access ports and we have trunk ports.
Now, our access ports and our trunk ports, which we'll explain a little bit more in depth when we get over to our diagram: our access ports allow us to connect devices that are in one particular VLAN to a switch.
Trunk ports allow us to connect different switches, which manage multiple VLANs, together. To allow, if we have devices on one VLAN trying to connect to devices on another VLAN, it's on a different switch, those trunk ports allow us to have access from multiple VLANs. Multiple VLANs can talk on that same port. It's a trunk port.
Now, our VLANs filter with different criteria. Depending on how we set them up and how we configure them, we may just configure them based on which physical port they're plugging into our switch. This is a very manual configuration, because as soon as we set up our VLANs and say, OK, VLAN A is going to be ports 1, 2, 3, 7, 8, 9, that's gonna be in our VLAN A, and then VLAN B is going to be the rest of my open ports, then if we ever even do so much as unplug a computer and plug it in somewhere else, if we want it to be on the same VLAN and that port isn't on that VLAN, we now have to go back into our switch and redo our configuration.
We can also filter VLANs based on MAC addresses, and MAC addresses give us a little bit less. We're still gonna have to go in manually and say, OK, this MAC address goes to this VLAN, and this MAC address goes to this VLAN, but it still makes it so it's a little bit less amount of time we have to constantly be going in and making changes. So say we take one computer and then that computer gets unplugged and plugged in somewhere else. If that computer is on a MAC address list for VLAN A, it's still going to be on VLAN A even though its port was switched.
And then we have subnetting IP addresses. We talked about how we can do different subnetting of IP addresses. And if we create these different VLANs based on subnetting their IP address, then that's going to be even less configuration than our MAC address. We're just going to simply go into our VLAN configuration and say, OK, all of our devices which are on this subnet are in VLAN A, and all of our devices which are on this subnet are on VLAN B. And so then we just have the configuration on the client side, and we can change them between VLANs and change their MAC addresses as necessary.
All of that may have been a little bit confusing without looking at a diagram. So let's look at a diagram now.
So here we have a network that's VLANed out. If this network was not VLANed out, then all of these devices would be able to talk to each other. These devices are connected by switches, which means that if... we're going to label all of our computers real quick: A, B, C, D, E and F.
OK, so if this was a non-VLAN network, if computer A sent out a broadcast message, all of the other computers would receive it, because they're just connected by switches, and switches do forward broadcast messages, unlike routers.
But let's say we don't want that to happen. Let's say computers A, C and E, which are already color coded for us, are in the sales department, and computers F, B and D are in the marketing department, and we need to create two separate VLANs for these two different departments. Or say computers A, C and E are all part of our lab computers, are all part of our test, our practice computers, our lab student computers, and then computers B, D and F are all part of our corporate computers, are all computers that our staff connects to. And we don't necessarily want a student to be able to jump on a lab computer and then attempt to attack a staff computer, attack a corporate computer. So we want to VLAN those out to segregate that traffic.
We're gonna go on our switches, and on this switch we're going to do port-based configuration. We're gonna do port filtering, and we're going to say that for our first switch over here, our left switch, computers on port one and three are going to be access ports for the blue VLAN, so B VLAN.
Now again, these are going to be access ports because they're devices connecting to our switch that are on a VLAN. So ports one and three on my switch are going to be access ports for the blue VLAN. So now these two blue computers are on the blue VLAN.
Port number two is going to be an access port for the green VLAN, the G VLAN.
Now we move on, and we'll talk about this link over here in just a second. We'll move on to our right switch and we say, OK, one and three on my right switch are going to be for the green VLAN, and port four is going to be for the blue VLAN.
These are two separate switches, so they would have two separate port configuration pages. On the left switch, we would have to go in and check the port numbers that we have these computers plugging into and say, OK, this port is going to be on this VLAN, and this port is going to be on this VLAN, and so on and so on. So we have to do that on the left switch and then do the same configuration on our right switch, and these are all of our access ports. They're access ports because they are devices on one particular VLAN connecting to our switch.
Now, what about the link between our two switches? Well, the link between our two switches can't be an access link, can't be an access port, because then we would have to assign it to one particular VLAN. And if we said, OK, well, I have a lot of green over here, so I'm going to say that this port is going to be for the green VLAN, well, then the only traffic which can go over that port is the traffic from computer F, and computer F can talk to computer B and D because they're both on the green VLAN. But computer A and E cannot talk to computer C, because there's no blue VLAN traffic allowed on this link.
The same thing if we just made this a blue VLAN link: computers A and E would be able to talk over, but computer F would not be able to.
So we need a different way of doing this. We need to set this up as a particular type of port, and that port is called the trunk port. So port four on our left switch is going to be a trunk port, and port two on our right switch is going to also be a trunk port. And our trunk ports are gonna be special because they're going to allow traffic from all of our VLANs on it. We're gonna say, OK, I know you have some VLANs over here that I've got over here, and you have more than one. So I'm gonna make this a trunk port, and any VLAN traffic can talk over this port. That's great.
But now we run into a problem. When the traffic is being sent from our left switch to our right switch, how does our right switch know which VLAN certain traffic belongs to? If computer A was to send a broadcast packet, that broadcast packet would traverse that trunk port link, and then the broadcast packet would get over to our right switch, and our right switch would say, OK, yeah, I have a broadcast packet, but which VLANs do I send this off to? Remember, broadcast packets only go to the same VLAN that the computer's on.
So how does our trunk port manage that? Well, our trunk port actually tags our packets that traverse it. So when our left switch sends a packet, say computer A sends a broadcast packet to all of the other computers in its VLAN, our trunk port is going to go, OK, before I send this over, I'm gonna tag this packet. So we have our broadcast packet, but I'm gonna tag this packet and say this packet is for the blue VLAN. So a blue broadcast packet. That packet will then traverse the trunk port, our other switch will take a look at it and say, OK, this packet's for the blue VLAN, and then only pass it along to C. The exact same scenario if we had a green VLAN broadcast packet.
So just because computers are in a VLAN does not mean that our computers send their packets any differently. The clients on the VLAN do not modify how they're sending traffic. They don't modify their packets. They don't say, OK, I'm on the blue VLAN, I'm only going to send and address broadcast packets to these computers. That's not how they work. All the configuration is going to be on our switch side. Our switches are going to be receiving that and are going to be taking it and saying, OK, this computer or this port is on this particular VLAN, so I'm gonna only send it to computers on this VLAN.
So now we see why we call them VLANs. We call them virtual local area networks. A local area network is a single network that can talk to each other without having to have information routed anywhere. So computers A, E and C can all talk to each other. This entire diagram is one single local area network, but we're breaking it up into two virtual local area networks. So in the virtual sense, in our hypothetical network topology of our different VLANs, if we configure our switches properly and we configure our VLANs properly, to computer A, computers F, D and B do not exist. Computers A, E and C cannot see those computers. So, virtually speaking, they're on their own local area network.
So that's why we call them VLANs. That's why we call them virtual local area networks. That's how they help us segment large networks into smaller subnetworks, into smaller virtual local area networks. And we can take our broadcast packets and we can segment them up.
And that's what our access ports do. They connect our devices to our switch, our devices on particular VLANs to our switches. And that's what our trunk ports do. They allow different switches, which manage multiple VLANs, to connect together and pass traffic from different VLANs on that trunk port. And remember, before they pass that traffic over the trunk port, the switch is going to tag which VLAN that traffic came from.
So our VLANs are very useful, and they can help us segment large networks, and we can cut down on network traffic and network noise. We can cut down on our broadcast domains, and we can also make our networks a little bit more secure and segment people into where they need to be.
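
The two-switch diagram walked through above, as an added example that is not part of the course material: a small Python model of access ports, the trunk link, and the 4-byte 802.1Q tag the trunk inserts. The VLAN IDs 10 and 20, the `Switch` class, which of the same-colored hosts sits on which port, and the choice to drop untagged trunk frames are assumptions made for illustration.

```python
import struct

TPID = 0x8100  # 802.1Q tag protocol identifier

def tag(frame: bytes, vid: int) -> bytes:
    """Insert a 4-byte 802.1Q tag after the destination and source MAC (12 bytes)."""
    return frame[:12] + struct.pack("!HH", TPID, vid & 0x0FFF) + frame[12:]

def untag(frame: bytes):
    """Return (vid, original frame); vid is None when the frame carries no tag."""
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != TPID:
        return None, frame
    return tci & 0x0FFF, frame[:12] + frame[16:]

class Switch:  # hypothetical model, not a vendor API
    def __init__(self, access, trunk_port):
        self.access = access          # port -> (VLAN ID, attached host)
        self.trunk_port = trunk_port  # port that carries tagged traffic
        self.peer = None              # switch at the other end of the trunk

    def deliver(self, vid, skip_port=None):
        """Hosts on access ports of this VLAN; they receive the frame untagged."""
        return [host for port, (v, host) in sorted(self.access.items())
                if v == vid and port != skip_port]

    def broadcast_from(self, port, frame):
        """A host on an access port sends an ordinary untagged broadcast."""
        vid, _ = self.access[port]    # VLAN comes from the port, not the host
        return self.deliver(vid, skip_port=port) + self.peer.receive_trunk(tag(frame, vid))

    def receive_trunk(self, frame):
        vid, _inner = untag(frame)
        if vid is None:
            return []                 # assumption: this model drops untagged trunk frames
        return self.deliver(vid)

BLUE, GREEN = 10, 20                  # assumed VLAN IDs for the diagram's colors
left = Switch({1: (BLUE, "A"), 2: (GREEN, "F"), 3: (BLUE, "E")}, trunk_port=4)
right = Switch({1: (GREEN, "B"), 3: (GREEN, "D"), 4: (BLUE, "C")}, trunk_port=2)
left.peer, right.peer = right, left

# Constructed frame: broadcast destination, made-up source MAC, EtherType, payload
FRAME = b"\xff" * 6 + bytes.fromhex("02000000000a") + b"\x08\x06" + b"constructed payload"

if __name__ == "__main__":
    print("A's broadcast reaches:", left.broadcast_from(1, FRAME))
    print("F's broadcast reaches:", left.broadcast_from(2, FRAME))
```

The host's frame is identical whichever VLAN it is in; only the sending switch's port table and the tag on the trunk decide who receives it.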
CompTIA Network+

This CompTIA Network+ certification training provides you with the knowledge to begin a career in network administration. This online course teaches the skills needed to create, configure, manage, and troubleshoot wireless and wired networks.